The pom.xml says log4j is version 1.2.17 which, if I am not mistaken, is the patched version. That's what is in github now - it says nothing (to me) about older versions in use.
On Thu, Dec 16, 2021 at 7:28 AM Pastrana, Rodrigo (RIS-BCT) < rodrigo.pastr...@lexisnexisrisk.com> wrote: > Is Zeppelin affected by the recently discovered log4j vulnerability? > > > > I was not able to find an official announcement. Thanks. > > ------------------------------ > The information contained in this e-mail message is intended only for the > personal and confidential use of the recipient(s) named above. This message > may be an attorney-client communication and/or work product and as such is > privileged and confidential. If the reader of this message is not the > intended recipient or an agent responsible for delivering it to the > intended recipient, you are hereby notified that you have received this > document in error and that any review, dissemination, distribution, or > copying of this message is strictly prohibited. If you have received this > communication in error, please notify us immediately by e-mail, and delete > the original message. >
